Category Archives: System Tools

Recently, while working on the malware-traffic-analysis.net exercise “2016-02-06 – TRAFFIC ANALYSIS EXERCISE – NETWORK ALERTS AT CUPID’S ARROW ONLINE”, I ran into a problem where, when you loaded any file into the hex editor or just opened it on its … Continue reading →

I am currently working on the latest Malware Traffic Analysis exercise, located here, titled “2016-01-07 – TRAFFIC ANALYSIS EXERCISE – ALERTS ON 3 DIFFERENT HOSTS”. I used the command line to run TShark with this command to extract just the … Continue reading →

In my last post I talked about getting a unique list of User-Agent strings and as a bonus I discovered that you can travel back and forth from Wireshark to a hex editor and back using the time stamps. In … Continue reading →

Recently I have been going through the malware traffic exercises created by Brad Duncan of “malware-traffic-analysis.net”. In my last post on an exercise I started wondering about the User-Agent strings used with malware as a way to possibly narrow in … Continue reading →

This is a program that converts SIDs with 1 to 5 sub-authorities from an array of bytes to the string format. In my last post I was looking for a way to convert the array of bytes (SID: … Continue reading →

My last post, titled “Event 10 Mystery Solved” (found here), left me with a question about the binary version of the SID: a returned value of CreatorSID: 1,5,0,0,0,0,0,5,21,0,0,0,190,118,173,34,87,198,105,19,239,226,7,24,244,1,0,0. I started searching the net to see if anyone has posted a … Continue reading →
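The two posts above (the byte-array-to-string converter, and the CreatorSID byte array that prompted it) both come down to the documented binary SID layout: one revision byte, one sub-authority count byte, a 6-byte big-endian identifier authority, then each sub-authority as a 32-bit little-endian integer, the last of which is the RID. The following is an added example written for this page, not the author's own program; it generalises past the 1 to 5 sub-authority case to the full range Windows allows (up to 15), validates the length against the declared count so a truncated or padded array is rejected rather than silently mis-decoded, and includes the inverse conversion for round-trip checks. The CREATOR_SID constant is the byte list quoted in the post, re-typed here as a Python bytes object; the function names are this example's own.

```python
import struct

# The CreatorSID byte array quoted in the post above, as WMI hands it back
# (an array of uint8), re-typed here as bytes for the example.
CREATOR_SID = bytes([1, 5, 0, 0, 0, 0, 0, 5, 21, 0, 0, 0,
                     190, 118, 173, 34, 87, 198, 105, 19,
                     239, 226, 7, 24, 244, 1, 0, 0])

MAX_SUB_AUTHORITIES = 15  # SID_MAX_SUB_AUTHORITIES in the Windows SDK headers


def sid_bytes_to_string(data: bytes) -> str:
    """Decode a binary SID into its S-R-I-S-S... string form.

    Rejects anything that does not match the declared layout, so a
    truncated, padded or non-revision-1 blob raises instead of producing
    a plausible-looking but wrong SID.
    """
    if len(data) < 8:
        raise ValueError("SID header needs at least 8 bytes, got %d" % len(data))
    revision, count = data[0], data[1]
    if revision != 1:
        raise ValueError("unsupported SID revision %d" % revision)
    if count > MAX_SUB_AUTHORITIES:
        raise ValueError("too many sub-authorities: %d" % count)
    expected = 8 + 4 * count
    if len(data) != expected:
        raise ValueError("expected %d bytes for %d sub-authorities, got %d"
                         % (expected, count, len(data)))
    # Identifier authority: 48-bit big-endian (the only big-endian field).
    authority = int.from_bytes(data[2:8], "big")
    # Sub-authorities: 32-bit little-endian, in order; the last one is the RID.
    subs = struct.unpack("<%dI" % count, data[8:expected])
    # MS-DTYP writes an identifier authority >= 2**32 in hex, otherwise decimal.
    auth_text = str(authority) if authority < 2 ** 32 else "0x%012X" % authority
    return "-".join(["S", str(revision), auth_text] + [str(s) for s in subs])


def sid_string_to_bytes(text: str) -> bytes:
    """Inverse of sid_bytes_to_string: encode an S-1-... string to the binary layout."""
    parts = text.split("-")
    if len(parts) < 3 or parts[0] != "S":
        raise ValueError("not a SID string: %r" % text)
    revision = int(parts[1])
    authority = int(parts[2], 0)  # base 0 accepts decimal or a 0x-prefixed hex authority
    subs = [int(p) for p in parts[3:]]
    if revision != 1 or len(subs) > MAX_SUB_AUTHORITIES or not 0 <= authority < 2 ** 48:
        raise ValueError("SID fields out of range: %r" % text)
    if any(not 0 <= s < 2 ** 32 for s in subs):
        raise ValueError("sub-authority out of 32-bit range: %r" % text)
    return (bytes([revision, len(subs)])
            + authority.to_bytes(6, "big")
            + struct.pack("<%dI" % len(subs), *subs))


def rid(text: str) -> int:
    """Return the relative identifier (last sub-authority) of a SID string."""
    return int(text.rsplit("-", 1)[1])


if __name__ == "__main__":
    s = sid_bytes_to_string(CREATOR_SID)
    print(s)                     # S-1-5-21-581793470-325699159-403170031-500
    print("RID", rid(s))         # 500 is the built-in Administrator account
    assert sid_string_to_bytes(s) == CREATOR_SID
```

Decoding the quoted array gives S-1-5-21-581793470-325699159-403170031-500: the S-1-5-21 prefix is a machine or domain SID, and a RID of 500 is the built-in Administrator account, which is usually the first thing to check when a creator SID turns up in an event you are trying to attribute. The length check matters in practice because WMI and registry dumps sometimes arrive with trailing bytes; decoding only the declared count would hide that.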

Using various methods I was able to backtrack the elusive event 10 to the source. Here is what you see when you open the event viewer on a Windows Vista system. There are A LOT of posts all over … Continue reading →